Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,126 vulnerabilities with CWE-22

CVE-2026-20982 MEDIUM

ShortcutService <SMR Feb-2026 Release 1 - Path Traversal

CVE-2026-1812 MEDIUM

bolo-blog bolo-solo <2.6.4 - Path Traversal

CVE-2026-1811 MEDIUM

bolo-blog bolo-solo <2.6.4 - Path Traversal

CVE-2026-24053 MEDIUM

Claude Code <2.0.74 - Privilege Escalation

CVE-2026-1810 MEDIUM

bolo-blog bolo-solo <2.6.4 - Path Traversal

CVE-2026-25228 MEDIUM

Signal K Server < 2.20.3 - Authenticated Path Traversal via Backslash Bypass

CVE-2026-25059 HIGH

OpenList < 4.1.10 - Authenticated Path Traversal in File Operation Handlers

CVE-2026-1703 LOW

pip < 26.0 - Path Traversal via Maliciously Crafted Wheel Archive

CVE-2026-1186 HIGH

EAP Legislator <2.25a - Path Traversal

CVE-2026-25069 CRITICAL

SunFounder Pironman Dashboard <1.3.13 - Path Traversal

CVE-2026-25152 MEDIUM

@backstage/plugin-techdocs-node < 1.14.1 and 1.13.11 - Path Traversal via Symlink Processing in Local Generator

CVE-2026-22625 MEDIUM

HIKSEMI HS-AFS-S1H1 >=V5.10.10_Build_251126 - Path Traversal

CVE-2026-0963 CRITICAL

Crafty Controller - Authenticated Path Traversal and Remote Code Execution via File Operations API Endpoint

CVE-2026-0805 HIGH

Crafty Controller 4.5.0-4.7.9 - Authenticated Path Traversal and Remote Code Execution via Backup Configuration

CVE-2026-25116 HIGH

runtipi 4.5.0-4.7.1 - Unauthenticated Path Traversal and Remote Code Execution via UserConfigController

CVE-2026-24846 MEDIUM

malcontent 1.8.0-1.20.2 - Path Traversal via Symlink Handling

CVE-2026-24687 MEDIUM

Umbraco.Forms 16.0.0-16.4.0 and 17.0.0-17.1.0 - Authenticated Path Traversal via Export Endpoint

CVE-2026-1616 HIGH

Open Security Issue Management <v2025.9.0 - Path Traversal

CVE-2026-1588 LOW

jishenghua jshERP < 3.6 - Path Traversal via DefaultPluginOperator install Function

CVE-2026-24897 CRITICAL

erugo <= 0.2.14 - Authenticated Path Traversal and Remote Code Execution via Share Creation

CVE-2026-1549 MEDIUM

jishenghua jshERP < 3.6 - Path Traversal via PluginController configFile Parameter

CVE-2026-1532 LOW

D-Link DCS-700L < 1.03.09 - Path Traversal via Music File Upload

CVE-2026-1056 CRITICAL

Snow Monkey Forms <12.0.3 - Path Traversal

CVE-2026-24842 HIGH

isaacs/tar < 7.5.7 - Path Traversal via Hardlink Entry Mismatch

CVE-2026-24770 CRITICAL

RAGFlow < 0.23.1 - Path Traversal and Remote Code Execution via Malicious ZIP Archive

Previous Page 37 of 366 Next

Details

Vulnerabilities 9,126

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy